Ahh...yes, my default "aaron" user is indeed a SUPERUSER. Ok, so I created a new, non-superuser and tried again...
> SELECT * FROm stackoverflow.movies WHERE title='Sneakers (1992)' ALLOW FILTERING; InvalidRequest: Error from server: code=2200 [Invalid query] message="Guardrail allow_filtering violated: Querying with ALLOW FILTERING is not allowed" Thank you for the quick response, Andres! On Thu, Jun 23, 2022 at 2:14 PM Andrés de la Peña <adelap...@apache.org> wrote: > Hi Aaron, > > Guardrails are not applied to superusers. The default user is a superuser, > so to see guardrails in action you need to create and use a user that is > not a superuser. > > You can do that by setting, for example, these properties on > cassandra.yaml: > > authenticator: PasswordAuthenticator > authorizer: CassandraAuthorizer > > Then you can login with cqlsh using the default superuser and create a > regular user with the adequate permissions. For example: > > bin/cqlsh -u cassandra -p cassandra > > CREATE USER test WITH PASSWORD 'test'; > > GRANT SELECT ON ALL KEYSPACES TO test; > bin/cqlsh -u test -p test > > SELECT * FROM stackoverflow.movies WHERE title='Sneakers (1992)' ALLOW > FILTERING; > InvalidRequest: Error from server: code=2200 [Invalid query] > message="Guardrail allow_filtering violated: Querying with ALLOW FILTERING > is not allowed" > > Finally, that particular guardrail isn't applied to system tables, so it > would still allow filtering on the system.local and system_views.settings > tables, but not in stackoverflow.movies. > > I hope this helps. > > On Thu, 23 Jun 2022 at 19:51, Aaron Ploetz <aaronplo...@gmail.com> wrote: > >> So I'm trying to test out the guardrails in 4.1-alpha. I've set >> allow_filtering_enabled: false, but it doesn't seem to care (I can still >> use it). >> >> > SELECT release_version FROM system.local; >> release_version >> --------------------- >> 4.1-alpha1-SNAPSHOT >> >> (1 rows) >> >> > SELECT * FROM system_views.settings WHERE >> name='allow_filtering_enabled'; >> name | value >> -------------------------+------- >> allow_filtering_enabled | false >> >> (1 rows) >> >> > SELECT * FROm stackoverflow.movies WHERE title='Sneakers (1992)' ALLOW >> FILTERING; >> id | genre | title >> ------+--------------------+----------------- >> 1396 | Crime|Drama|Sci-Fi | Sneakers (1992) >> >> (1 rows) >> >> Is there like some main "guardrails enabled" setting that I missed? >> >> Thanks, >> >> Aaron >> >>
